Meta

Subscribe

PKI Certificate Verification MP – Update 1.2.1.3

Posted by rburri on August, 12 2014

The 1st update to the rewritten certificate management pack is ready. The update to 1.2.1.3 is mostly about more powerful filtering options for the certificate discoveries. It is now possible to use regular expressions to:

Include / Exclude based on “Subject”

Include / Exclude based on “Issuer”

Exclude based on “Enhanced Key Usage” OIDs

Note that the filters will have to be based on the exact string output of the certificate objects as presented in PowerShell. Hence check those before attempting to write RegEx filters using:

ls cert:\LocalMachine\My | fl Subject, Issuer

All characters (including blanks) are being taken into account. The discovery filters are using .NET RegEx expression syntax. Please test your expressions using a suitabe tool before using them for your overrides (I am often using Regex Hero but there are plenty of other options out there).

Once store discovery is enabled, the default filter settings of the MP will discover any certificates with the exception of self-signed and MS NAP ones. Refer to the MP guide and the release notes if you plan to make use of the advanced filter options. And remember to override the store discovery, not the certificate one.

Download

Like this:

LikeLoading...

Related

This entry was posted on August, 12 2014 at 10:26 and is filed under SCOm 2012.
You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.